The concept of outsourcing identities can be a little scary for IT organizations. Historically, the identity provider has been on-prem, and securely managing identities has long been one of the most important aspects of running an IT organization. Yet, with major advances in the identity and access management (IAM) world, the concept of outsourced identities is becoming a reality.
The good news is that leveraging an outsourced identity provider like Directory-as-a-Service® can be a huge advantage for cloud-forward organizations. Before explaining how, it’s important to first discuss why IT organizations are outsourcing identities to begin with.
Traditional On-prem Identity Management
The modern approach to identity management really kicked off with the creation of the LDAP protocol in 1993 by our advisor, Tim Howes, and his colleagues at the University of Michigan. It was a time when just about everything was Microsoft Windows®-based and on-prem.
Two major identity providers emerged from the LDAP protocol a few years later. The first, of course, was OpenLDAP™ – the free and open source iteration of the LDAP protocol. The other was from Microsoft, which combined LDAP and Kerberos to create Active Directory®.
Both of these solutions were hosted on-prem and tightly controlled. IT organizations held their identities and their identity management platforms close to the vest. Security and compliance regulations hammered home the need for tight control over all user access, and the point that even leaving ex-employees or contractors in the directory was bad security hygiene.
So, it’s not surprising when IT admins question whether identities can be outsourced or hosted in the cloud. Add to that the number of security events that have occurred through breached credentials, and most IT organizations quickly become unwilling to take the risk of a cloud-hosted identity management solution.
Yet, many IT organizations are completely shifting their IT infrastructures to the cloud. In fact, many now have no IT resources on-prem except for their wireless access points. In this case, it is critical to find the best way to manage user access with a cloud-hosted solution.
Outsourced Identity Management with Directory-as-a-Service